Stay up to date on the latest risks, threats, and product vulnerabilities.

Our analysts and researchers unpack emerging vulnerabilities as they happen, to guide clients on how best to react and respond.

Aware of an incident impacting your organization? Let us know:

Report an incident

March 24, 2025

Oracle Cloud Infrastructure Client Data Leaked to Cybercrime Forum

On March 20th, a user on BreachForums claimed to have compromised Oracle Cloud Infrastructure (OCI). The breach reportedly affected servers responsible for authenticating users to Oracle Cloud services.

March 18, 2025

Uptick in Fake CAPTCHA Campaigns Trick Users to Deliver Malware

Beazley Security has identified multiple cybercriminal campaigns leveraging deceptive advertisements and fake CAPTCHA pages to distribute malware. These campaigns trick victims into executing malicious PowerShell commands that stage and execute infostealer malware, leading to credential theft and potential of further financial and operational impacts.

March 5, 2025

Critical Vulnerabilities in VMWare ESXi (CVE-2025-22224, CVE-2025-22225) Under Active Exploitation

On March 4th, 2025, Broadcom published an advisory detailing multiple critical vulnerabilities in their VMWare ESXi product. Two of the vulnerabilities (CVE-2025-22224 and CVE-2025-22225) can be used together to allow a successful attacker with local administrator privileges on a hosted virtual machine to execute code as the container VMX process.

January 17, 2025

Security Advisory: Fortinet BreachForums Dump

On January 14th, Beazley Security Labs observed an advertisement posted to the cybercrime community BreachForums, detailing a dump of configuration files and passwords from over 15 thousand Fortinet network appliances.

January 16, 2025

Critical Vulnerability in FortiOS and FortiProxy under Active Exploitation (CVE-2024-55591)

Fortinet published an advisory about a critical authentication bypass vulnerability in their FortiOS and FortiProxy software, identified as CVE-2024-55591.

January 9, 2025

Critical Vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateway under Active Exploitation (CVE-2025-0282)

Software vendor Ivanti published an advisory detailing a critical vulnerability in their Connect Secure, Policy Secure, and ZTA Gateway products.

December 12, 2024

Critical Vulnerability in Cleo Software (CVE-2024-50623)

On December 10th, software vendor Cleo published an advisory detailing a critical vulnerability (CVE- 2024-50623) in their Harmony, VLTrader, and LexiCom products which allows an unauthenticated attacker to upload malicious files and abuse a system autorun feature to achieve remote code execution (RCE).

November 18, 2024

Critical Vulnerability in Palo Alto PAN-OS (CVE-2024-0012)

On November 18th, Palo Alto Networks published an advisory regarding a critical vulnerability in their PAN-OS software, a core component for their next-generation firewall product line.

October 30, 2024

Critical Vulnerability in Cisco ASA (CVE-2024-20329)

On October 24th, 2024, Cisco published an advisory regarding a critical vulnerability in their Adaptive Security Appliance (ASA) Software, a core component of their firewall and VPN appliances.

October 23, 2024

Critical Vulnerability in FortiManager (CVE-2024-47575)

There is a critical vulnerability in FortiManager: a tool for centrally managing Fortinet products. This weakness is actively being exploited. Take action now.

October 11, 2024

Critical Vulnerability in Palo Alto Expedition (CVE-2024-9464 and CVE-2024-9465)

On October 9th, 2024, cyber security firm Horizon3 published a blog post detailing multiple critical vulnerabilities they discovered in Palo Alto’s Expedition product.

September 27, 2024

Critical Vulnerability in CUPS (CVE-2024-47177)

On September 26th, 2024, an independent researcher disclosed acritical vulnerability in CUPS, a printing software package commonly used in Linux systems. CUPS may be enabled by default on some versions of Linux, meaning a server not intended or used as a printer server may still be vulnerable as a result.

September 13, 2024

Critical Vulnerability in Ivanti EPM (CVE-2024-29847)

On September 10th, 2024, Ivanti published an advisory detailing multiple critical severity vulnerabilities in their Endpoint Management (EPM) product. The EPM product manages IT assets, troubleshooting, and deployment of software and operating systems. A vulnerability in a system with this amount of control over a network environment presents significant risk.

July 19, 2024

Guidance & Support: Windows Systems Experiencing Boot Loop Due to CrowdStrike Update

Beazley Security is aware of reports concerning crashes on Windows hosts related to the Falcon Sensor. Beazley Security has written recovery guidance for organizations who are impacted by this issue.

July 1, 2024

Critical Vulnerability in OpenSSH (CVE-2024-6387)

On July 1st, Qualys Security publicly disclosed details regarding an impactful vulnerability in OpenSSH, an essential software tool used globally for secure network communications and remote system administration.

June 28, 2024

Critical Vulnerability in FileCatalyst Workflow (CVE-2024-5276)

On June 25th, software company Fortra disclosed a critical severity vulnerability in their managed file transfer software application, FileCatalyst Workflow. The vulnerability is being tracked as CVE-2024-5276 which is an SQL Injection vulnerability that allows an attacker to modify application data. File transfer applications are typically deployed exposed to the Internet, and a compromise of this system can grant remote attackers a foothold into an organizations internal network.

June 27, 2024

Critical Vulnerability in MOVEit Transfer (CVE-2024-5806)

On June 25th, software company Progress publicly disclosed a critical severity vulnerability in their managed file transfer software application, MOVEit Transfer. The vulnerability is being tracked as CVE-2024-5806 and allows a remote attacker to bypass authentication and log in as any valid user on the system.

April 24, 2024

Sophisticated Attack Against Cisco ASA and FTD Software Leveraging Multiple Vulnerabilities (CVE-2024-20353, CVE-2024-20358, CVE-2024-20359)

On April 24th, Cisco reported on an attack campaign against certain Cisco devices running Cisco Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) Software. The report detailed three vulnerabilities: CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.

April 12, 2024

Critical Severity Command Injection Vulnerability in Palo Alto Networks Global Protect (CVE-2024-3400)

On April 12, 2024, Palo Alto Networks disclosed a critical command injection vulnerability identified as CVE-2024-3400, impacting certain configurations of its PAN-OS software. This vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges. It affects only devices running PAN-OS 10.2, 11.0, and 11.1 with both GlobalProtect gateway and device telemetry features enabled. Security patches were released on April 14th, and Palo Alto has provided temporary mitigations through “Threat Prevention Signatures”.

February 19, 2024

Severe Connectwise Screenconnect Vulnerabilities

On February 19th, 2024, ConnectWise published a security bulletin reporting two impactful vulnerabilities in their product ConnectWise. One of these vulnerabilities is particularly severe, with a critical rating of 10.0 on the CVSS scale, indicating the highest level of risk when successfully exploited.

October 16, 2023

Critical Cisco IOS XE Vulnerability

On Monday, October 16th, 2023, Cisco’s Product Security Incident Response Team (PSIRT) released an advisory concerning a critical severity vulnerability (CVSS Base score of 10.0). This vulnerability, known to be actively exploited in the wild, is associated with the Web User Interface (Web UI) feature of Cisco IOS XE software. This vulnerability is of particular concern when the software is exposed to the internet or untrusted networks. The vulnerability has been assigned CVE-2023-20198.

July 14, 2020

Major Vulnerability in Microsoft DNS Needs Action

Microsoft announced a major vulnerability on July 14, 2020, in its Domain Name System (DNS) service component of Windows Server. The issue is documented as CVE-2020-1350 and is rated at the highest possible level of 10 out of 10. Descriptions of the security flaw state that it is ‘wormable’, which means it can be automated to conduct widespread and devastating attacks similar to WannaCry or NotPetya.

Remote Desktop Protocol: A Virtual Open Door?

Remote Desktop Protocol (RDP) is arguably the most prolific remote access tool in use today. As its name indicates, RDP defines how server and client components communicate in order to provide a graphical interface from one computer to another “remote” computer. Microsoft includes RDP functionality with most versions of its Windows operating system making it very popular and relatively easy to use.

Properly Securing Microsoft’s Remote Desktop Gateway

For decades, Microsoft’s Remote Desktop Protocol (RDP) has been used to connect to Windows computers remotely. We covered in detail many of the reasons that RDP itself presents such a high risk when exposed directly to the internet. Microsoft provided a solution to the numerous RDP-related security woes by releasing a service called Remote Desktop Gateway (RDG).

Suffering from an incident and need help?

Activate our IR Team

Prepare

Implement

Defend

Respond

Manage Risk

Beazley Insured

Featured Industries

Enabling readiness and resilience from pre-breach to remediation.

Bringing extensive experience to every engagement.

Nice to meet you. Find out more about our company here.

The latest insights and advisories from our team